Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-02-2015
Ran by NOWAK-LP (administrator) on NOWAK-LP-PC on 02-03-2015 02:02:23
Running from C:\Users\NOWAK-LP\Downloads
Loaded Profiles: NOWAK-LP (Available profiles: NOWAK-LP)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 7 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Windows\System32\Rezip.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\Brother\BrStMonW.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Brother Industries, Ltd.) C:\Program Files\Browny02\BrYNSvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6703648 2008-12-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-08-28] (Synaptics, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-05-20] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [BrStsMon00] => C:\Program Files\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Users\NOWAK-LP\AppData\Local\Temp\RemoveVIPRE\sbrc.exe [200560 2012-05-23] (GFI Software) <===== ATTENTION
HKU\S-1-5-21-84699557-792703091-1178954015-1004\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-84699557-792703091-1178954015-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssBranded.scr [8139264 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-84699557-792703091-1178954015-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-84699557-792703091-1178954015-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKU\S-1-5-21-84699557-792703091-1178954015-1004 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
BHO: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\NOWAK-LP\AppData\Roaming\Mozilla\Firefox\Profiles\b452k6mz.default-1425255976789
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Extension: Ghostery - C:\Users\NOWAK-LP\AppData\Roaming\Mozilla\Firefox\Profiles\b452k6mz.default-1425255976789\Extensions\firefox@ghostery.com.xpi [2015-03-02]
FF Extension: AdBlock for Firefox - C:\Users\NOWAK-LP\AppData\Roaming\Mozilla\Firefox\Profiles\b452k6mz.default-1425255976789\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-03-02]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.onet.pl/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\internal-nacl-plugin No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Deployment Toolkit 8.0.250.18) - C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 8 U25) - C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (PDF Architect 2) - C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
CHR Plugin: (PDF-XChange Viewer) - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
CHR Profile: C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-02]
CHR Extension: (Google Docs) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-08]
CHR Extension: (Google Drive) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-08]
CHR Extension: (YouTube) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-08]
CHR Extension: (Adblock Plus) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-02-16]
CHR Extension: (Google Search) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-08]
CHR Extension: (Google Sheets) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-02]
CHR Extension: (AdBlock) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-09-09]
CHR Extension: (AdBlock Plus Chrome) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\moaoekpigopfefmpegieoggokoncnmbn [2015-02-16]
CHR Extension: (Google Wallet) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-08]
CHR Extension: (Gmail) - C:\Users\NOWAK-LP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-08]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 EvtEng; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [819200 2008-07-10] (Intel(R) Corporation) [File not signed]
S2 iSafeService; C:\Program Files\Elex-tech\YAC\iSafeSvc.exe [118048 2015-02-27] (Elex do Brasil Participações Ltda)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [45568 2014-04-28] (Hewlett-Packard) [File not signed]
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [55808 2014-04-28] (Hewlett-Packard) [File not signed]
R2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [466944 2008-07-10] (Intel(R) Corporation) [File not signed]
R2 Rezip; C:\Windows\SYSTEM32\Rezip.exe [311296 2009-03-05] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 yksvc; C:\Windows\System32\ykx32mpcoinst.dll [282624 2009-01-30] (Marvell)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-26] ()
R1 iSafeKrnl; C:\Program Files\Elex-tech\YAC\iSafeKrnl.sys [215336 2015-02-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [40744 2015-02-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files\Elex-tech\YAC\iSafeKrnlKit.sys [83752 2015-02-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlMon; C:\Program Files\Elex-tech\YAC\iSafeKrnlMon.sys [34856 2015-02-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files\Elex-tech\YAC\iSafeKrnlR3.sys [63400 2015-02-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [56232 2015-02-15] (Elex do Brasil Participações Ltda)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-08-12] (SAMSUNG ELECTRONICS CO., LTD.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79272 2008-09-26] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2008-09-26] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [212968 2008-09-26] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [34216 2008-09-26] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2008-09-26] (McAfee, Inc.)
R3 VMC326; C:\Windows\System32\Drivers\VMC326.sys [238464 2008-11-21] (Vimicro Corporation)
S3 catchme; \??\C:\Users\NOWAK-LP\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 02:02 - 2015-03-02 02:03 - 00015830 _____ () C:\Users\NOWAK-LP\Downloads\FRST.txt
2015-03-02 01:51 - 2015-03-02 01:53 - 00000000 ____D () C:\Windows\system32\vbox
2015-03-02 01:48 - 2015-03-02 01:48 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-03-02 01:26 - 2015-03-02 01:26 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\Stare dane programu Firefox
2015-03-02 00:45 - 2015-03-02 00:45 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-03-02 00:29 - 2015-03-02 00:29 - 00011040 _____ () C:\Windows\system32\CartSdkTestLog.csv
2015-03-02 00:26 - 2015-03-02 00:26 - 00000106 _____ () C:\Windows\system32\sbrc.dat
2015-03-02 00:25 - 2015-03-02 00:25 - 00000698 _____ () C:\Windows\Tasks\McAfee Cleanup.job
2015-03-01 23:36 - 2015-03-01 23:36 - 00143552 _____ () C:\Windows\Minidump\Mini030115-01.dmp
2015-02-27 13:50 - 2015-02-27 13:50 - 00001695 _____ () C:\Users\Public\Desktop\YAC.lnk
2015-02-27 13:50 - 2015-02-27 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2015-02-27 13:15 - 2015-02-27 13:15 - 00010530 _____ () C:\ComboFix.txt
2015-02-27 13:01 - 2015-02-27 13:15 - 00000000 ____D () C:\Qoobox
2015-02-27 13:01 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-27 13:01 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-27 13:01 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-27 13:01 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-27 13:01 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-27 13:01 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-27 13:01 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-27 13:01 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-27 12:55 - 2015-02-27 12:55 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Local\TeamViewer
2015-02-27 12:53 - 2015-02-27 13:05 - 00000000 ____D () C:\Program Files\TeamViewer
2015-02-27 12:53 - 2015-02-27 12:53 - 00000840 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-02-27 12:53 - 2015-02-27 12:53 - 00000828 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-02-27 01:15 - 2015-02-27 01:17 - 00000000 ____D () C:\AdwCleaner
2015-02-26 22:37 - 2015-03-01 23:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-26 22:14 - 2015-02-27 13:14 - 00000000 ____D () C:\Windows\erdnt
2015-02-26 21:31 - 2015-02-26 21:31 - 00333355 _____ () C:\spyhunter.log
2015-02-26 21:05 - 2015-03-02 02:02 - 00000000 ____D () C:\FRST
2015-02-26 20:54 - 2015-03-02 00:07 - 01132032 _____ (Farbar) C:\Users\NOWAK-LP\Downloads\FRST.exe
2015-02-26 20:31 - 2015-02-26 20:32 - 00058197 _____ () C:\sh4_service.log
2015-02-26 20:28 - 2015-02-26 19:27 - 00285747 _____ () C:\shldr
2015-02-26 20:28 - 2015-02-26 19:27 - 00008192 _____ () C:\shldr.mbr
2015-02-26 19:26 - 2015-02-26 19:27 - 00000000 ____D () C:\sh4ldr
2015-02-26 19:26 - 2015-02-26 19:26 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-26 16:41 - 2015-03-01 23:18 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-02-26 16:40 - 2015-02-26 16:40 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2015-02-25 23:25 - 2012-09-20 05:11 - 00226080 _____ (GFI Software) C:\Windows\system32\Drivers\SbFw.sys
2015-02-25 23:25 - 2012-09-20 05:11 - 00094496 _____ (GFI Software) C:\Windows\system32\Drivers\sbhips.sys
2015-02-25 21:41 - 2015-03-02 01:47 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-02-25 21:40 - 2014-12-31 12:13 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-24 21:21 - 2015-02-24 21:21 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-24 17:15 - 2015-03-02 01:56 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Roaming\Dropbox
2015-02-24 15:37 - 2015-02-24 15:37 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Roaming\VSRevoGroup
2015-02-19 14:02 - 2015-02-19 14:02 - 01565824 _____ () C:\Users\NOWAK-LP\Desktop\dzialka zuzanka.odt
2015-02-18 12:31 - 2015-02-18 12:31 - 00000104 _____ () C:\Users\NOWAK-LP\Desktop\Kosz.lnk
2015-02-17 18:33 - 2015-03-02 00:43 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-02-17 14:38 - 2015-02-17 14:38 - 00000218 _____ () C:\Users\NOWAK-LP\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 02:01 - 2009-06-17 22:01 - 01979514 _____ () C:\Windows\WindowsUpdate.log
2015-03-02 01:58 - 2014-09-07 15:08 - 02063248 _____ () C:\Windows\PFRO.log
2015-03-02 01:58 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-02 01:58 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 01:58 - 2006-11-02 13:47 - 00004784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 01:57 - 2006-11-02 14:01 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 01:51 - 2014-09-15 09:39 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\umowy Kari
2015-03-02 00:41 - 2015-01-20 13:27 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\hestia
2015-03-02 00:41 - 2014-12-15 12:26 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\KREDYTY
2015-03-02 00:41 - 2014-11-26 16:58 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\GrandeSoldi
2015-03-02 00:41 - 2014-11-12 13:36 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\UBEZPIECZENIA
2015-03-02 00:41 - 2014-11-05 10:46 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\akt2
2015-03-02 00:41 - 2014-09-24 13:53 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Local\Mozilla
2015-03-02 00:41 - 2014-09-23 11:29 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\dokumenty
2015-03-02 00:41 - 2014-09-15 09:39 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\umowy klienci
2015-03-02 00:41 - 2014-09-15 09:38 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\NIERUCHOMOSCI
2015-03-02 00:41 - 2014-09-10 10:47 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Roaming\Skype
2015-03-02 00:41 - 2014-09-10 10:47 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Local\Skype
2015-03-02 00:41 - 2014-09-09 10:52 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Roaming\OpenOffice
2015-03-02 00:41 - 2014-09-08 13:58 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Roaming\Thunderbird
2015-03-02 00:41 - 2014-09-08 13:58 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Roaming\Mozilla
2015-03-02 00:41 - 2014-09-08 13:58 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Local\Thunderbird
2015-03-02 00:41 - 2014-09-08 13:53 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Local\Google
2015-03-02 00:41 - 2014-09-08 13:53 - 00000000 ____D () C:\Users\NOWAK-LP
2015-03-02 00:40 - 2009-06-17 06:32 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-02 00:40 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-03-02 00:18 - 2009-06-17 04:52 - 00708764 _____ () C:\Windows\system32\perfh015.dat
2015-03-02 00:18 - 2009-06-17 04:52 - 00144430 _____ () C:\Windows\system32\perfc015.dat
2015-03-02 00:18 - 2006-11-02 11:33 - 01600154 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 23:55 - 2014-09-19 13:19 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Local\Adobe
2015-03-01 23:55 - 2009-06-17 06:29 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-01 23:36 - 2014-10-17 17:01 - 00000000 ____D () C:\Windows\Minidump
2015-03-01 23:35 - 2014-10-17 16:55 - 3184135702 _____ () C:\Windows\MEMORY.DMP
2015-03-01 20:52 - 2006-11-02 13:47 - 00405928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-27 15:54 - 2009-06-17 07:43 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-02-27 15:54 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Registration
2015-02-27 13:49 - 2014-09-08 13:54 - 00109424 _____ () C:\Users\NOWAK-LP\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-27 13:39 - 2014-09-08 13:53 - 00000949 _____ () C:\Users\NOWAK-LP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-27 13:39 - 2014-09-08 13:53 - 00000915 _____ () C:\Users\NOWAK-LP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-02-27 13:15 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2015-02-27 13:15 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-02-27 13:13 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-02-27 12:04 - 2015-01-15 15:43 - 00040744 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2015-02-26 21:31 - 2009-06-17 06:10 - 00000000 ____D () C:\Program Files\Atheros WLAN Client
2015-02-26 21:18 - 2014-09-17 09:56 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\BROTHER
2015-02-26 20:38 - 2014-09-07 14:55 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-26 19:43 - 2014-09-07 14:55 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-26 10:21 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-26 10:05 - 2009-06-17 07:39 - 00000000 ____D () C:\Program Files\Microsoft.NET
2015-02-26 09:52 - 2014-09-24 13:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-02-26 09:40 - 2014-09-24 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-02-24 16:11 - 2014-09-15 09:38 - 00000000 ____D () C:\Users\NOWAK-LP\Desktop\loga
2015-02-24 15:29 - 2014-09-07 14:28 - 00000000 ____D () C:\Windows\pss
2015-02-21 17:53 - 2015-01-20 12:42 - 00001977 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-02-18 10:03 - 2014-09-07 14:55 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-02-17 14:40 - 2014-09-16 10:11 - 00000000 ____D () C:\Users\NOWAK-LP\.gimp-2.8
2015-02-17 14:38 - 2014-09-16 11:19 - 00000000 ____D () C:\Users\NOWAK-LP\AppData\Local\gtk-2.0
2015-02-17 14:22 - 2014-09-07 15:11 - 00010074 _____ () C:\Windows\setupact.log
2015-02-16 11:17 - 2006-11-02 11:23 - 00000230 _____ () C:\Windows\win.ini
2015-02-15 09:37 - 2015-01-15 15:43 - 00056232 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2015-02-05 13:52 - 2014-12-18 17:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 13:52 - 2014-12-18 17:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-09-12 15:54 - 2014-09-12 15:54 - 0003584 _____ () C:\Users\NOWAK-LP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-17 14:38 - 2015-02-17 14:38 - 0000218 _____ () C:\Users\NOWAK-LP\AppData\Local\recently-used.xbel

Files to move or delete:
====================
C:\Users\NOWAK-LP\AppData\Local\Temp\RemoveVIPRE\sbrc.exe

Some content of TEMP:
====================
C:\Users\NOWAK-LP\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaqybgv.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-02 02:04

==================== End Of Log ============================